para 日志信息泄露漏洞

para is a multi-tenant backend server open-sourced by Erudika for rapidly building web and mobile applications. A log information disclosure vulnerability exists in versions prior to para 1.50.8, which stems from explicit logging of access tokens in the logs, which could lead to token disclosure...

CVE-2025-48955

Para is a multitenant backend server/framework for object persistence and retrieval. A vulnerability that exists in versions prior to 1.50.8 exposes both access and secret keys in logs without redaction. These credentials are later reused in variable assignments for persistence but do not require...

CVE-2025-48955

Para is a multitenant backend server/framework for object persistence and retrieval. A vulnerability that exists in versions prior to 1.50.8 exposes both access and secret keys in logs without redaction. These credentials are later reused in variable assignments for persistence but do not require...

CVE-2025-48955 Para Server Logs Sensitive Information

Para is a multitenant backend server/framework for object persistence and retrieval. A vulnerability that exists in versions prior to 1.50.8 exposes both access and secret keys in logs without redaction. These credentials are later reused in variable assignments for persistence but do not require...

CVE-2025-48955

Summary: CVE-2025-48955 affects Para Server prior to version 1.50.8, where access and secret keys are logged unredacted during failed configuration logging in HealthUtils.java. This exposes credentials through log files and could enable credential leakage. The issue is resolved in 1.50.8 (upgrade...